From c0f0611ebd196fbd46e2e9f9eaa0022e2d2d67b9 Mon Sep 17 00:00:00 2001 From: b2baccline <23131013+b2baccline@users.noreply.github.com> Date: Wed, 27 Jan 2021 15:16:17 +0800 Subject: [PATCH 1/5] =?UTF-8?q?:sparkles:=20=E6=95=B0=E6=8D=AE=E6=9D=83?= =?UTF-8?q?=E9=99=90=E6=8E=A7=E5=88=B6=E7=BB=86=E7=B2=92=E5=BA=A6=E5=88=B0?= =?UTF-8?q?=E8=B5=84=E6=BA=90=E4=B8=8A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../datascope/annotation/DataPermission.java | 20 +++-- .../AbstractDataPermissionHandler.java | 84 +++++++++++++++++++ .../handler/DataPermissionHandler.java | 14 +++- .../DataPermissionInterceptor.java | 61 +------------- .../common/datascope/util/AnnotationUtil.java | 61 ++++++++++++++ .../common/datascope/test/SqlParseTest.java | 20 +++-- 6 files changed, 185 insertions(+), 75 deletions(-) create mode 100644 ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/AbstractDataPermissionHandler.java create mode 100644 ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/util/AnnotationUtil.java diff --git a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/annotation/DataPermission.java b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/annotation/DataPermission.java index 21aaff3c..330a0bb7 100644 --- a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/annotation/DataPermission.java +++ b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/annotation/DataPermission.java 
@@ -13,15 +13,23 @@ import java.lang.annotation.*; public @interface DataPermission { /** - * 资源类型 - * @return 资源类型数组 + * 当前类或方法是否忽略数据权限 + * @return boolean 默认返回 false */ - String[] resources(); + boolean ignore() default false; /** - * 用于在全局开启或者关闭数据权限时,对指定类或者指定方法进行开关控制 - * @return boolean 默认返回 true + * 仅对指定资源类型进行数据权限控制,只在开启情况下有效,当该数组有值时,exclude不生效 + * @see DataPermission#excludeResources + * @return 资源类型数组 */ - boolean enabled() default true; + String[] includeResources() default {}; + + /** + * 对指定资源类型跳过数据权限控制,只在开启情况下有效,当该includeResources有值时,exclude不生效 + * @see DataPermission#includeResources + * @return 资源类型数组 + */ + String[] excludeResources() default {}; } diff --git a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/AbstractDataPermissionHandler.java b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/AbstractDataPermissionHandler.java new file mode 100644 index 00000000..935db1dd --- /dev/null +++ b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/AbstractDataPermissionHandler.java 
@@ -0,0 +1,84 @@ +package com.hccake.ballcat.common.datascope.handler; + +import com.hccake.ballcat.common.datascope.DataScope; +import com.hccake.ballcat.common.datascope.annotation.DataPermission; +import com.hccake.ballcat.common.datascope.util.AnnotationUtil; +import lombok.RequiredArgsConstructor; + +import java.util.*; +import java.util.concurrent.ConcurrentHashMap; +import java.util.stream.Collectors; + +/** + * @author Hccake 2021/1/27 + * @version 1.0 + */ +@RequiredArgsConstructor +public abstract class AbstractDataPermissionHandler implements DataPermissionHandler { + + private final List dataScopes; + + private final static Map DATA_PERMISSION_CACHE = new ConcurrentHashMap<>(); + + /** + * 系统配置的所有的数据范围 + * @return 数据范围集合 + */ + @Override + public List dataScopes() { + return dataScopes; + } + + /** + * 系统配置的所有的数据范围 + * @param mappedStatementId Mapper方法ID + * @return 数据范围集合 + */ + @Override + public List filterDataScopes(String mappedStatementId) { + if (this.dataScopes == null || this.dataScopes.size() == 0) { + return new ArrayList<>(); + } + // 获取当前方法对应的权限注解,根据注解进行数据范围控制的过滤 + DataPermission dataPermission = getDataPermissionCache(mappedStatementId); + if (dataPermission == null) { + return dataScopes; + } + + if (dataPermission.ignore()) { + return new ArrayList<>(); + } + + // 当指定了只包含的资源时,只对该资源的DataScope + if (dataPermission.includeResources().length > 0) { + Set a = new HashSet<>(Arrays.asList(dataPermission.includeResources())); + return dataScopes.stream().filter(x -> a.contains(x.getResource())).collect(Collectors.toList()); + } + + // 当未指定只包含的资源,且指定了排除的资源时,则排除此部分资源的 DataScope + if (dataPermission.excludeResources().length > 0) { + Set a = new HashSet<>(Arrays.asList(dataPermission.excludeResources())); + return dataScopes.stream().filter(x -> !a.contains(x.getResource())).collect(Collectors.toList()); + } + + return dataScopes; + } + + /** + * 从缓存中获取数据权限注解 优先获取方法上的注解,再获取类上的注解 + * @param mappedStatementId 类名.方法名 + * @return 当前方法有效的数据权限注解 + */ + 
public DataPermission getDataPermissionCache(String mappedStatementId) { + if (DATA_PERMISSION_CACHE.containsKey(mappedStatementId)) { + return DATA_PERMISSION_CACHE.get(mappedStatementId); + } + else { + DataPermission dataPermission = AnnotationUtil.findAnnotationByMappedStatementId(mappedStatementId, + DataPermission.class); + DATA_PERMISSION_CACHE.put(mappedStatementId, dataPermission); + return dataPermission; + } + } + +} diff --git a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/DataPermissionHandler.java b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/DataPermissionHandler.java index 4f6df77b..62407142 100644 --- a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/DataPermissionHandler.java +++ b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/DataPermissionHandler.java @@ -19,9 +19,17 @@ public interface DataPermissionHandler { List dataScopes(); /** - * 是否忽略权限控制 - * @return boolean true: 忽略,false: 进行权限控制 + * 根据权限注解过滤后的数据范围集合 + * @param mappedStatementId Mapper方法ID + * @return 数据范围集合 */ - boolean ignorePermissionControl(); + List filterDataScopes(String mappedStatementId); + + /** + * 是否忽略权限控制,用于及早的忽略控制,例如管理员直接放行,而不必等到DataScope中再进行过滤处理,提升效率 + * @return boolean true: 忽略,false: 进行权限控制 + * @param mappedStatementId Mapper方法ID + */ + boolean ignorePermissionControl(String mappedStatementId); } diff --git a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/interceptor/DataPermissionInterceptor.java b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/interceptor/DataPermissionInterceptor.java index e844b282..308e3497 100644 
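Review bot: An `includeResources` value that matches no configured DataScope makes `filterDataScopes` return an empty list, and the `@@ -40,17 +38,14 @@` hunk in DataPermissionInterceptor.java treats an empty list as "proceed without rewriting the SQL", so a misspelled resource name silently switches data permission off for that mapper method. The include branch should fail closed, or at least be loud: collect the filtered result into a local and reject an empty one, e.g. `if (filtered.isEmpty()) { throw new IllegalStateException("includeResources matches no DataScope: " + mappedStatementId); }`. The same empty result is used for `ignore()`, so the two cases cannot be told apart downstream. The Javadoc of `filterDataScopes` should state that an empty return value means no filtering is applied.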
--- a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/interceptor/DataPermissionInterceptor.java +++ b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/interceptor/DataPermissionInterceptor.java @@ -1,7 +1,6 @@ package com.hccake.ballcat.common.datascope.interceptor; import com.hccake.ballcat.common.datascope.DataScope; -import com.hccake.ballcat.common.datascope.annotation.DataPermission; import com.hccake.ballcat.common.datascope.handler.DataPermissionHandler; import com.hccake.ballcat.common.datascope.processor.DataScopeSqlProcessor; import com.hccake.ballcat.common.datascope.util.PluginUtils; @@ -11,7 +10,6 @@ import org.apache.ibatis.mapping.MappedStatement; import org.apache.ibatis.mapping.SqlCommandType; import org.apache.ibatis.plugin.*; -import java.lang.reflect.Method; import java.sql.Connection; import java.util.List; import java.util.Properties; @@ -40,17 +38,14 @@ public class DataPermissionInterceptor implements Interceptor { MappedStatement ms = mpSh.mappedStatement(); SqlCommandType sct = ms.getSqlCommandType(); PluginUtils.MPBoundSql mpBs = mpSh.mPBoundSql(); - - DataPermission annotation = findDataPermissionAnnotation(ms.getId()); - if (annotation != null && !annotation.enabled()) { - return invocation.proceed(); - } + String mappedStatementId = ms.getId(); // 根据用户权限判断是否需要拦截,例如管理员可以查看所有,则直接放行 - if (dataPermissionHandler.ignorePermissionControl()) { + if (dataPermissionHandler.ignorePermissionControl(mappedStatementId)) { return invocation.proceed(); } - List dataScopes = dataPermissionHandler.dataScopes(); + + List dataScopes = dataPermissionHandler.filterDataScopes(mappedStatementId); if (dataScopes == null || dataScopes.size() == 0) { return invocation.proceed(); } 
@@ -79,52 +74,4 @@ public class DataPermissionInterceptor implements Interceptor { } - /** - * 获取数据权限注解 优先获取方法上的注解,再获取类上的注解 - * @param mappedStatementId 类名.方法名 - * @return 数据权限注解 - */ - private DataPermission findDataPermissionAnnotation(String mappedStatementId) { - if (mappedStatementId == null || "".equals(mappedStatementId)) { - return null; - } - // 1.得到类路径和方法路径 - int lastIndexOfDot = mappedStatementId.lastIndexOf("."); - if (lastIndexOfDot < 0) { - return null; - } - String className = mappedStatementId.substring(0, lastIndexOfDot); - String methodName = mappedStatementId.substring(lastIndexOfDot + 1); - if ("".equals(className) || "".equals(methodName)) { - return null; - } - - // 2.字节码 - Class clazz = null; - try { - clazz = Class.forName(className); - } - catch (ClassNotFoundException e) { - e.printStackTrace(); - } - if (clazz == null) { - return null; - } - - DataPermission annotation = null; - // 3.得到方法上的注解 - Method[] methods = clazz.getMethods(); - for (Method method : methods) { - String name = method.getName(); - if (methodName.equals(name)) { - annotation = method.getAnnotation(DataPermission.class); - break; - } - } - if (annotation == null) { - annotation = clazz.getAnnotation(DataPermission.class); - } - return annotation; - } - } diff --git a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/util/AnnotationUtil.java b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/util/AnnotationUtil.java new file mode 100644 index 00000000..8ce1b920 --- /dev/null +++ b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/util/AnnotationUtil.java 
@@ -0,0 +1,61 @@ +package com.hccake.ballcat.common.datascope.util; + +import java.lang.annotation.Annotation; +import java.lang.reflect.Method; + +/** + * @author Hccake 2021/1/27 + * @version 1.0 + */ +public class AnnotationUtil { + + /** + * 获取数据权限注解 优先获取方法上的注解,再获取类上的注解 + * @param mappedStatementId 类名.方法名 + * @return 数据权限注解 + */ + public static A findAnnotationByMappedStatementId(String mappedStatementId, + Class aClass) { + if (mappedStatementId == null || "".equals(mappedStatementId)) { + return null; + } + // 1.得到类路径和方法路径 + int lastIndexOfDot = mappedStatementId.lastIndexOf("."); + if (lastIndexOfDot < 0) { + return null; + } + String className = mappedStatementId.substring(0, lastIndexOfDot); + String methodName = mappedStatementId.substring(lastIndexOfDot + 1); + if ("".equals(className) || "".equals(methodName)) { + return null; + } + + // 2.字节码 + Class clazz = null; + try { + clazz = Class.forName(className); + } + catch (ClassNotFoundException e) { + e.printStackTrace(); + } + if (clazz == null) { + return null; + } + + A annotation = null; + // 3.得到方法上的注解 + Method[] methods = clazz.getMethods(); + for (Method method : methods) { + String name = method.getName(); + if (methodName.equals(name)) { + annotation = method.getAnnotation(aClass); + break; + } + } + if (annotation == null) { + annotation = clazz.getAnnotation(aClass); + } + return annotation; + } + +} diff --git a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/test/java/com/hccake/ballcat/common/datascope/test/SqlParseTest.java b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/test/java/com/hccake/ballcat/common/datascope/test/SqlParseTest.java index 9dc173bb..2c8a8378 100644 --- a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/test/java/com/hccake/ballcat/common/datascope/test/SqlParseTest.java +++ b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/test/java/com/hccake/ballcat/common/datascope/test/SqlParseTest.java 
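Review bot: The lookup in `findAnnotationByMappedStatementId` leaves the loop at the first method whose name matches (`break`) even when that method carries no annotation, so with overloaded, default or bridge methods of the same name a `@DataPermission` on another one is never seen and the class-level annotation is used instead. Leave the loop only once an annotation was found: `annotation = method.getAnnotation(aClass); if (annotation != null) { break; }`. The `catch (ClassNotFoundException e)` branch calls `e.printStackTrace()`; returning `null` there directly, with an entry through the project's logger, keeps the failure visible without writing to stderr. The Javadoc was carried over from the interceptor and lacks `@param aClass`.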
@@ -1,6 +1,7 @@ package com.hccake.ballcat.common.datascope.test; import com.hccake.ballcat.common.datascope.DataScope; +import com.hccake.ballcat.common.datascope.handler.AbstractDataPermissionHandler; import com.hccake.ballcat.common.datascope.handler.DataPermissionHandler; import com.hccake.ballcat.common.datascope.processor.DataScopeSqlProcessor; import net.sf.jsqlparser.expression.Alias; @@ -10,6 +11,7 @@ import net.sf.jsqlparser.expression.operators.relational.ExpressionList; import net.sf.jsqlparser.expression.operators.relational.InExpression; import net.sf.jsqlparser.schema.Column; import org.junit.jupiter.api.Test; +import org.springframework.util.Assert; import java.util.*; @@ -45,16 +47,12 @@ public class SqlParseTest { } }; - DataPermissionHandler dataPermissionHandler = new DataPermissionHandler() { - @Override - public List dataScopes() { - List list = new ArrayList<>(); - list.add(dataScope); - return list; - } + List dataScopes = new ArrayList<>(); + dataScopes.add(dataScope); + DataPermissionHandler dataPermissionHandler = new AbstractDataPermissionHandler(dataScopes) { @Override - public boolean ignorePermissionControl() { + public boolean ignorePermissionControl(String mappedStatementId) { return false; } }; @@ -67,7 +65,11 @@ public class SqlParseTest { + "from t_ORDER o left join t_order_info oi on o.order_id = oi.order_id " + "where oi.order_price > 100"; - dataScopeSqlProcessor.parserSingle(sql, dataPermissionHandler.dataScopes()); + String parseSql = dataScopeSqlProcessor.parserSingle(sql, dataPermissionHandler.dataScopes()); + System.out.println(parseSql); + + String trueSql = "SELECT o.order_id, o.order_name, oi.order_price FROM t_ORDER o LEFT JOIN t_order_info oi ON o.order_id = oi.order_id AND oi.order_id IN ('1', '2') WHERE oi.order_price > 100 AND o.order_id IN ('1', '2')"; + Assert.isTrue(trueSql.equals(parseSql), "sql 数据权限解析异常"); } } From 76b0a20bb180d2e20b86bccd484b51e7d886ebf5 Mon Sep 17 00:00:00 2001 
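Review bot: The test still passes `dataPermissionHandler.dataScopes()` to `parserSingle`, so none of the new annotation paths in `filterDataScopes` (`ignore`, `includeResources`, `excludeResources`) is exercised, and those are the branches that decide whether a query is filtered at all. Add cases that call `filterDataScopes(...)` with mapper ids whose class or method carries each annotation variant and assert the returned scopes. `System.out.println(parseSql)` can be dropped, and since the file already uses JUnit 5, `org.junit.jupiter.api.Assertions.assertEquals(trueSql, parseSql)` would report the differing SQL on failure, where `Assert.isTrue` only prints the fixed message.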
From: b2baccline <23131013+b2baccline@users.noreply.github.com> Date: Wed, 27 Jan 2021 17:00:20 +0800 Subject: [PATCH 2/5] =?UTF-8?q?:zap:=20=E8=AE=BF=E9=97=AE=E6=97=A5?= =?UTF-8?q?=E5=BF=97=E5=BF=BD=E7=95=A5=E9=AA=8C=E8=AF=81=E7=A0=81=E8=8E=B7?= =?UTF-8?q?=E5=8F=96=E8=AF=B7=E6=B1=82=EF=BC=8C=E6=93=8D=E4=BD=9C=E6=97=A5?= =?UTF-8?q?=E5=BF=97=E5=BF=BD=E7=95=A5=E8=AE=B0=E5=BD=95MutipartFile?= =?UTF-8?q?=E7=B1=BB=E5=9E=8B=E5=8F=82=E6=95=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../log/access/AccessLogProperties.java | 3 +- .../operation/aspect/OperationLogAspect.java | 29 +++++++++++++++---- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/ballcat-starters/ballcat-spring-boot-starter-log/src/main/java/com/hccake/ballcat/commom/log/access/AccessLogProperties.java b/ballcat-starters/ballcat-spring-boot-starter-log/src/main/java/com/hccake/ballcat/commom/log/access/AccessLogProperties.java index 4727ee99..b6168411 100644 --- a/ballcat-starters/ballcat-spring-boot-starter-log/src/main/java/com/hccake/ballcat/commom/log/access/AccessLogProperties.java +++ b/ballcat-starters/ballcat-spring-boot-starter-log/src/main/java/com/hccake/ballcat/commom/log/access/AccessLogProperties.java @@ -18,6 +18,7 @@ public class AccessLogProperties { /** * 忽略的Url匹配规则,Ant风格 */ - private List ignoreUrlPatterns = Arrays.asList("/actuator/**", "/webjars/**", "/favicon.ico"); + private List ignoreUrlPatterns = Arrays.asList("/actuator/**", "/webjars/**", "/favicon.ico", + "/captcha/get"); } diff --git a/ballcat-starters/ballcat-spring-boot-starter-log/src/main/java/com/hccake/ballcat/commom/log/operation/aspect/OperationLogAspect.java b/ballcat-starters/ballcat-spring-boot-starter-log/src/main/java/com/hccake/ballcat/commom/log/operation/aspect/OperationLogAspect.java index 9872e149..ea403fd1 100644 
--- a/ballcat-starters/ballcat-spring-boot-starter-log/src/main/java/com/hccake/ballcat/commom/log/operation/aspect/OperationLogAspect.java +++ b/ballcat-starters/ballcat-spring-boot-starter-log/src/main/java/com/hccake/ballcat/commom/log/operation/aspect/OperationLogAspect.java @@ -22,15 +22,14 @@ import org.springframework.context.ApplicationEventPublisher; import org.springframework.core.annotation.AnnotatedElementUtils; import org.springframework.core.annotation.Order; import org.springframework.util.Assert; +import org.springframework.web.multipart.MultipartFile; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import java.lang.reflect.Method; import java.time.LocalDateTime; -import java.util.HashMap; -import java.util.Map; -import java.util.Objects; +import java.util.*; /** * @author Hccake @@ -47,6 +46,17 @@ public class OperationLogAspect { private final ApplicationEventPublisher publisher; + private final List> ignoredParamClasses = Arrays.asList(ServletRequest.class, ServletResponse.class, + MultipartFile.class); + + /** + * 添加忽略记录的参数类型 + * @param clazz 参数类型 + */ + public void addIgnoredParamClass(Class clazz) { + ignoredParamClasses.add(clazz); + } + @Around("execution(@(@com.hccake.ballcat.commom.log.operation.annotation.OperationLogging *) * *(..)) " + "|| @annotation(com.hccake.ballcat.commom.log.operation.annotation.OperationLogging)") public Object around(ProceedingJoinPoint joinPoint) throws Throwable { 
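Review bot: `addIgnoredParamClass` will always throw `UnsupportedOperationException`, because `ignoredParamClasses` is created with `Arrays.asList(...)`, which returns a fixed-size list. Back the field with a growable list, `new ArrayList<>(Arrays.asList(ServletRequest.class, ServletResponse.class, MultipartFile.class))`; `java.util.*` is already imported by the first hunk of this file. If classes can be registered while requests are being logged, a `CopyOnWriteArrayList` would be the safer choice, and that needs its own import.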
@@ -125,14 +135,21 @@ public class OperationLogAspect { } Map paramsMap = new HashMap<>(); for (int i = 0; i < parameterNames.length; i++) { - if (args[i] instanceof ServletRequest || args[i] instanceof ServletResponse) { - continue; + Object arg = args[i]; + Class argClass = arg.getClass(); + // 忽略部分类型的参数记录 + for (Class ignoredParamClass : ignoredParamClasses) { + if (ignoredParamClass.isAssignableFrom(argClass)) { + arg = "ignored param type: " + argClass; + break; + } } - paramsMap.put(parameterNames[i], args[i]); + paramsMap.put(parameterNames[i], arg); } String params = ""; try { + // 入参类中的属性可以通过注解进行数据落库脱敏以及忽略等操作 params = objectMapper.writeValueAsString(paramsMap); } catch (Exception e) { From 6bf6588c6e25119f3e9731b8da994db2fed48dc5 Mon Sep 17 00:00:00 2001 From: b2baccline <23131013+b2baccline@users.noreply.github.com> Date: Thu, 28 Jan 2021 21:40:36 +0800 Subject: [PATCH 3/5] =?UTF-8?q?:bug:=20=E4=BF=AE=E5=A4=8DdataPermission?= =?UTF-8?q?=E8=8E=B7=E5=8F=96=E7=A9=BA=E6=8C=87=E9=92=88=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../AbstractDataPermissionHandler.java | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/AbstractDataPermissionHandler.java b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/AbstractDataPermissionHandler.java index 935db1dd..5e58745c 100644 --- a/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/AbstractDataPermissionHandler.java +++ b/ballcat-starters/ballcat-spring-boot-starter-datascope/src/main/java/com/hccake/ballcat/common/datascope/handler/AbstractDataPermissionHandler.java 
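Review bot: `arg.getClass()` throws a `NullPointerException` for every `null` argument, a case the replaced `instanceof` test handled; optional request parameters and bodies are commonly null. Guard before the class lookup, e.g. `if (arg == null) { paramsMap.put(parameterNames[i], null); continue; }`. The enclosing method starts and ends outside the hunk, so whether the exception is caught further up is not visible here.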
@@ -13,6 +13,7 @@ import java.util.stream.Collectors; * @author Hccake 2021/1/27 * @version 1.0 */ +@DataPermission @RequiredArgsConstructor public abstract class AbstractDataPermissionHandler implements DataPermissionHandler { @@ -20,6 +21,12 @@ public abstract class AbstractDataPermissionHandler implements DataPermissionHan private final static Map DATA_PERMISSION_CACHE = new ConcurrentHashMap<>(); + /** + * 提供一个默认的空值注解,用于缓存空值占位使用 + */ + private final static DataPermission EMPTY_DATA_PERMISSION = AbstractDataPermissionHandler.class + .getAnnotation(DataPermission.class); + /** * 系统配置的所有的数据范围 * @return 数据范围集合 @@ -69,14 +76,16 @@ public abstract class AbstractDataPermissionHandler implements DataPermissionHan * @param mappedStatementId 类名.方法名 * @return 当前方法有效的数据权限注解 */ - public DataPermission getDataPermissionCache(String mappedStatementId) { + private DataPermission getDataPermissionCache(String mappedStatementId) { + DataPermission dataPermission; if (DATA_PERMISSION_CACHE.containsKey(mappedStatementId)) { - return DATA_PERMISSION_CACHE.get(mappedStatementId); + dataPermission = DATA_PERMISSION_CACHE.get(mappedStatementId); + return EMPTY_DATA_PERMISSION.equals(dataPermission) ? null : dataPermission; } else { - DataPermission dataPermission = AnnotationUtil.findAnnotationByMappedStatementId(mappedStatementId, - DataPermission.class); - DATA_PERMISSION_CACHE.put(mappedStatementId, dataPermission); + dataPermission = AnnotationUtil.findAnnotationByMappedStatementId(mappedStatementId, DataPermission.class); + DATA_PERMISSION_CACHE.put(mappedStatementId, + dataPermission == null ? EMPTY_DATA_PERMISSION : dataPermission); return dataPermission; } } From ec5ade668b51d0c555030da06696f5f54664d638 Mon Sep 17 00:00:00 2001 
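Review bot: The sentinel check in `getDataPermissionCache` uses `EMPTY_DATA_PERMISSION.equals(dataPermission)`, and annotation `equals` compares member values, so a real `@DataPermission` with all defaults on a mapper is also reported as "no annotation". With the current `filterDataScopes` both cases lead to the same result, but the intent is an identity test: `return dataPermission == EMPTY_DATA_PERMISSION ? null : dataPermission;`. The `containsKey`/`get`/`put` sequence could also be collapsed into a single `computeIfAbsent` call that stores the sentinel when no annotation is found. A comment on the class-level `@DataPermission` saying it exists only to supply the placeholder instance would help, since it otherwise reads as a permission rule on the handler.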
From: b2baccline <23131013+b2baccline@users.noreply.github.com> Date: Mon, 1 Feb 2021 17:33:36 +0800 Subject: [PATCH 4/5] =?UTF-8?q?:art:=20Wrapper=E6=9D=A1=E4=BB=B6=E5=88=A4?= =?UTF-8?q?=E6=96=AD=EF=BC=8C=E5=AF=B9=E4=BA=8E=E5=AD=97=E7=AC=A6=E4=B8=B2?= =?UTF-8?q?=E4=BD=BF=E7=94=A8=E9=9D=9E=E7=A9=BA=E9=9D=9Enull=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C=EF=BC=8C=E7=A9=BA=E7=99=BD=E7=AC=A6=E4=B9=9F=E4=B8=8D?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E6=9F=A5=E8=AF=A2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../conditions/query/LambdaQueryWrapperX.java | 66 +++++++++++++------ 1 file changed, 45 insertions(+), 21 deletions(-) diff --git a/ballcat-extends/ballcat-extend-mybatis-plus/src/main/java/com/hccake/extend/mybatis/plus/conditions/query/LambdaQueryWrapperX.java b/ballcat-extends/ballcat-extend-mybatis-plus/src/main/java/com/hccake/extend/mybatis/plus/conditions/query/LambdaQueryWrapperX.java index 876e538b..59ace2a0 100644 --- a/ballcat-extends/ballcat-extend-mybatis-plus/src/main/java/com/hccake/extend/mybatis/plus/conditions/query/LambdaQueryWrapperX.java +++ b/ballcat-extends/ballcat-extend-mybatis-plus/src/main/java/com/hccake/extend/mybatis/plus/conditions/query/LambdaQueryWrapperX.java @@ -1,6 +1,9 @@ package com.hccake.extend.mybatis.plus.conditions.query; -import cn.hutool.core.util.ObjectUtil; +import cn.hutool.core.collection.IterUtil; +import cn.hutool.core.map.MapUtil; +import cn.hutool.core.util.ArrayUtil; +import cn.hutool.core.util.StrUtil; import com.baomidou.mybatisplus.core.conditions.AbstractLambdaWrapper; import com.baomidou.mybatisplus.core.conditions.SharedString; import com.baomidou.mybatisplus.core.conditions.query.Query; 
@@ -11,10 +14,7 @@ import com.baomidou.mybatisplus.core.toolkit.ArrayUtils; import com.baomidou.mybatisplus.core.toolkit.Assert; import com.baomidou.mybatisplus.core.toolkit.support.SFunction; -import java.util.Arrays; -import java.util.Collection; -import java.util.Map; -import java.util.Optional; +import java.util.*; import java.util.concurrent.atomic.AtomicInteger; import java.util.function.Predicate; 
@@ -144,66 +144,90 @@ public class LambdaQueryWrapperX extends AbstractLambdaWrapper eqIfPresent(SFunction column, Object val) { - return super.eq(conditional(val), column, val); + return super.eq(isPresent(val), column, val); } public LambdaQueryWrapperX neIfPresent(SFunction column, Object val) { - return super.ne(conditional(val), column, val); + return super.ne(isPresent(val), column, val); } public LambdaQueryWrapperX gtIfPresent(SFunction column, Object val) { - return super.gt(conditional(val), column, val); + return super.gt(isPresent(val), column, val); } public LambdaQueryWrapperX geIfPresent(SFunction column, Object val) { - return super.ge(conditional(val), column, val); + return super.ge(isPresent(val), column, val); } public LambdaQueryWrapperX ltIfPresent(SFunction column, Object val) { - return super.lt(conditional(val), column, val); + return super.lt(isPresent(val), column, val); } public LambdaQueryWrapperX leIfPresent(SFunction column, Object val) { - return super.le(conditional(val), column, val); + return super.le(isPresent(val), column, val); } public LambdaQueryWrapperX likeIfPresent(SFunction column, Object val) { - return super.like(conditional(val), column, val); + return super.like(isPresent(val), column, val); } public LambdaQueryWrapperX notLikeIfPresent(SFunction column, Object val) { - return super.notLike(conditional(val), column, val); + return super.notLike(isPresent(val), column, val); } public LambdaQueryWrapperX likeLeftIfPresent(SFunction column, Object val) { - return super.likeLeft(conditional(val), column, val); + return super.likeLeft(isPresent(val), column, val); } public LambdaQueryWrapperX likeRightIfPresent(SFunction column, Object val) { - return super.likeRight(conditional(val), column, val); + return super.likeRight(isPresent(val), column, val); } public LambdaQueryWrapperX inIfPresent(SFunction column, Object... 
values) { - return super.in(conditional(values), column, + return super.in(isPresent(values), column, Arrays.stream(Optional.ofNullable(values).orElseGet(() -> new Object[] {}))); } public LambdaQueryWrapperX inIfPresent(SFunction column, Collection values) { - return super.in(conditional(values), column, values); + return super.in(isPresent(values), column, values); } public LambdaQueryWrapperX notInIfPresent(SFunction column, Object... values) { - return super.notIn(conditional(values), column, + return super.notIn(isPresent(values), column, Arrays.stream(Optional.ofNullable(values).orElseGet(() -> new Object[] {}))); } public LambdaQueryWrapperX notInIfPresent(SFunction column, Collection values) { - return super.notIn(conditional(values), column, values); + return super.notIn(isPresent(values), column, values); } } From fef923549ec24bfb973239f0b27cf693a541afcd Mon Sep 17 00:00:00 2001 From: b2baccline <23131013+b2baccline@users.noreply.github.com> Date: Fri, 19 Feb 2021 10:39:54 +0800 Subject: [PATCH 5/5] =?UTF-8?q?:zap:=20=E7=94=A8=E6=88=B7=E5=AF=86?= =?UTF-8?q?=E7=A0=81=E5=9C=A8Controller=E5=B1=82=E7=BB=9F=E4=B8=80?= =?UTF-8?q?=E8=BF=9B=E8=A1=8CAES=E8=A7=A3=E5=AF=86=EF=BC=8Cservice?= =?UTF-8?q?=E5=B1=82=E8=BE=93=E5=85=A5=E4=BF=9D=E8=AF=81=E4=BD=BF=E7=94=A8?= =?UTF-8?q?=E6=98=8E=E6=96=87=E5=AF=86=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../sys/controller/SysUserController.java | 28 ++++++++++++++----- .../modules/sys/mapper/SysUserMapper.java | 2 +- .../sys/model/converter/SysUserConverter.java | 2 ++ .../modules/sys/model/dto/SysUserDTO.java | 7 +++++ .../modules/sys/service/SysUserService.java | 4 +-- .../sys/service/impl/SysUserServiceImpl.java | 20 ++++++------- .../common/core/util/PasswordUtil.java | 10 ------- 7 files changed, 42 insertions(+), 31 deletions(-) 
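Review bot: Every `*IfPresent` method here passes `isPresent(...)` as the condition flag, so a value judged absent drops the predicate and the query runs without it; according to the commit subject this now includes blank strings. That suits optional search fields but widens the result set if a caller uses these methods for a filter that must always apply, such as an owner or tenant id. The methods have no Javadoc; each should state that the condition is skipped for null, empty and blank values and that mandatory restrictions belong in the plain `eq`/`in` calls. The body of `isPresent` is not readable in this view of the hunk, so this is based on the call sites and the subject line.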
diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/controller/SysUserController.java b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/controller/SysUserController.java index 9679b7d2..09ef5c71 100644 --- a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/controller/SysUserController.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/controller/SysUserController.java @@ -20,10 +20,12 @@ import com.hccake.ballcat.common.core.domain.SelectData; import com.hccake.ballcat.common.core.result.BaseResultCode; import com.hccake.ballcat.common.core.result.R; import com.hccake.ballcat.common.core.result.SystemResultCode; +import com.hccake.ballcat.common.core.util.PasswordUtil; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Value; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; @@ -54,6 +56,12 @@ public class SysUserController { private final SysUserRoleService sysUserRoleService; + /** + * TODO 封装为实体对象,方便归档系统参数 + */ + @Value("${password.secret-key}") + private String passwordSecretKey; + /** * 分页查询用户 * @param pageParam 参数集 
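Review bot: `passwordSecretKey` is bound with `@Value("${password.secret-key}")` and the only comment on it is a TODO, so nothing documents what the key protects or how it must be handled. The comment should say that this is the AES key passed to `PasswordUtil.decodeAES` for passwords submitted by the client, that it has to come from deployment secrets rather than a committed properties file, and that it must never be logged. If the same key is also embedded in the front end (not visible here), the encryption only obscures the password and transport security remains the actual protection, which is worth stating in the same comment.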
@@ -78,20 +86,22 @@ public class SysUserController { /** * 新增用户 - * @param sysUserDto userInfo + * @param sysUserDTO userInfo * @return success/false */ @PostMapping @ApiOperation(value = "新增系统用户", notes = "新增系统用户") @CreateOperationLogging(msg = "新增系统用户") @PreAuthorize("@per.hasPermission('sys:sysuser:add')") - public R addSysUser(@Valid @RequestBody SysUserDTO sysUserDto) { - - SysUser user = sysUserService.getByUsername(sysUserDto.getUsername()); + public R addSysUser(@Valid @RequestBody SysUserDTO sysUserDTO) { + SysUser user = sysUserService.getByUsername(sysUserDTO.getUsername()); if (user != null) { return R.failed(BaseResultCode.LOGIC_CHECK_ERROR, "用户名已存在"); } - return sysUserService.addSysUser(sysUserDto) ? R.ok() + // 明文密码 + String password = PasswordUtil.decodeAES(sysUserDTO.getPass(), passwordSecretKey); + sysUserDTO.setPassword(password); + return sysUserService.addSysUser(sysUserDTO) ? R.ok() : R.failed(BaseResultCode.UPDATE_DATABASE_ERROR, "新增系统用户失败"); } @@ -164,10 +174,14 @@ public class SysUserController { @UpdateOperationLogging(msg = "修改系统用户密码") @PreAuthorize("@per.hasPermission('sys:sysuser:pass')") public R updateUserPass(@PathVariable Integer userId, @RequestBody SysUserPassDTO sysUserPassDTO) { - if (!sysUserPassDTO.getPass().equals(sysUserPassDTO.getConfirmPass())) { + String pass = sysUserPassDTO.getPass(); + if (!pass.equals(sysUserPassDTO.getConfirmPass())) { return R.failed(SystemResultCode.BAD_REQUEST, "错误的密码!"); } - return sysUserService.updateUserPass(userId, sysUserPassDTO.getPass()) ? R.ok() + + // 明文密码 + String password = PasswordUtil.decodeAES(pass, passwordSecretKey); + return sysUserService.updatePassword(userId, password) ? R.ok() : R.failed(BaseResultCode.UPDATE_DATABASE_ERROR, "修改用户密码失败!"); } 
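Review bot: `updateUserPass` dereferences `pass` before any validation: the parameter is `@RequestBody SysUserPassDTO` without `@Valid`, so a request that omits `pass` fails with a `NullPointerException` at `pass.equals(...)` instead of a 400. Compare null-safely, `if (pass == null || !pass.equals(sysUserPassDTO.getConfirmPass()))`, and add `@Valid` as `addSysUser` has, if the DTO declares constraints (not visible here). Both methods also use the result of `PasswordUtil.decodeAES` unchecked; how it reports malformed or wrongly keyed input is not shown, so it is worth confirming that a bad ciphertext ends in a rejected request and never in an empty or null password being stored.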
diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/mapper/SysUserMapper.java b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/mapper/SysUserMapper.java index 551bfaff..dceee899 100644 --- a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/mapper/SysUserMapper.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/mapper/SysUserMapper.java @@ -74,7 +74,7 @@ public interface SysUserMapper extends ExtendMapper { * @param password 密码 * @return 更新条数 */ - default boolean updateUserPassword(Integer userId, String password) { + default boolean updatePassword(Integer userId, String password) { int i = this.update(null, Wrappers.lambdaUpdate().eq(SysUser::getUserId, userId).set(SysUser::getPassword, password)); return SqlHelper.retBool(i); diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/model/converter/SysUserConverter.java b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/model/converter/SysUserConverter.java index 7e8950ff..2181d057 100644 --- a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/model/converter/SysUserConverter.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/model/converter/SysUserConverter.java @@ -4,6 +4,7 @@ import com.hccake.ballcat.admin.modules.sys.model.dto.SysUserDTO; import com.hccake.ballcat.admin.modules.sys.model.entity.SysUser; import com.hccake.ballcat.admin.modules.sys.model.vo.SysUserVO; import org.mapstruct.Mapper; +import org.mapstruct.Mapping; import org.mapstruct.factory.Mappers; /** @@ -21,6 +22,7 @@ public interface SysUserConverter { * @param sysUserDTO 系统用户DTO * @return SysUser 系统用户 */ + @Mapping(target = "password", ignore = true) SysUser dtoToPo(SysUserDTO sysUserDTO); /** 
diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/model/dto/SysUserDTO.java b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/model/dto/SysUserDTO.java index 709730f2..6280157c 100644 --- a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/model/dto/SysUserDTO.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/model/dto/SysUserDTO.java @@ -1,5 +1,6 @@ package com.hccake.ballcat.admin.modules.sys.model.dto; +import com.fasterxml.jackson.annotation.JsonIgnore; import com.hccake.ballcat.common.core.desensite.annotation.JsonRegexDesensitize; import com.hccake.ballcat.common.core.desensite.enums.RegexDesensitizationTypeEnum; import io.swagger.annotations.ApiModelProperty; @@ -27,6 +28,12 @@ public class SysUserDTO { @ApiModelProperty(value = "前端传入密码") private String pass; + /** + * 用户明文密码, 不参与前后端交互 + */ + @JsonIgnore + private String password; + /** * 登录账号 */ diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/service/SysUserService.java b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/service/SysUserService.java index 6863aafe..ee3d2b14 100644 --- a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/service/SysUserService.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/service/SysUserService.java @@ -77,10 +77,10 @@ public interface SysUserService extends ExtendService { /** * 修改用户密码 * @param userId 用户ID - * @param pass 未加密的密码 + * @param password 明文密码 * @return boolean */ - boolean updateUserPass(Integer userId, String pass); + boolean updatePassword(Integer userId, String password); /** * 批量修改用户状态 
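Review bot: The new `password` field holds the plaintext password, and `@JsonIgnore` only keeps it out of Jackson input and output. If `SysUserDTO` is a Lombok `@Data` class (the class annotations are outside the hunk), the generated `toString()` will include the field, so any log statement or exception message that prints the DTO leaks the password. Exclude it explicitly with `@ToString.Exclude` on the field, and extend the field comment to say that the value is set by the controller after decryption and must not be logged.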
diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/service/impl/SysUserServiceImpl.java b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/service/impl/SysUserServiceImpl.java index 531595f9..7738d893 100644 --- a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/service/impl/SysUserServiceImpl.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/modules/sys/service/impl/SysUserServiceImpl.java @@ -25,7 +25,6 @@ import com.hccake.ballcat.common.core.domain.SelectData; import com.hccake.ballcat.common.core.util.PasswordUtil; import com.hccake.extend.mybatis.plus.service.impl.ExtendServiceImpl; import lombok.RequiredArgsConstructor; -import org.springframework.beans.factory.annotation.Value; import org.springframework.context.ApplicationEventPublisher; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -60,9 +59,6 @@ public class SysUserServiceImpl extends ExtendServiceImpl